Much of the spyware problem results from users visiting sites that turn out to be untrustworthy or simply malevolent. I'm certainly not inclined to blame the victimized users -- it's hardly their fault that sites run security exploits, offer undisclosed advertising software, or show tricky EULAs that are dozens of pages long. But the resulting software ultimately ends up on users' computers because users browsed to sites that didn't pan out.

How to fix this problem? In theory, it seems easy enough. First, someone needs to examine popular web sites, to figure out which are untrustworthy. Then users' computers need to automatically notify them -- warn them! -- before users reach untrustworthy sites. These aren't new ideas. Indeed, half a dozen vendors have tried such strategies in the past. But for various reasons, their efforts never solved the problem. (Details below).

This month, a new company is announcing a system to protect users from untrustworthy web sites: SiteAdvisor. They've designed a set of robots -- automated web crawlers, virtual machines, and databases -- that have browsed hundreds of thousands of web sites. They've tracked which sites install spyware -- what files installed, what registry changes, what network traffic. And they've built a browser plug-in that provides automated notification of worrisome sites -- handy red balloons when users stray into risky areas, along with annotations on search result pages at leading search engines.

Thanks for posting this. Great screenshots, too.

Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

Indeed, SiteAdvisor does seem to be a quantum leap in internet security and a sign of great things to come with regards to preventing users from hurting themselves by accessing dubious sites. A most exciting and promising innovation to say the least. I look forward to its release in the future.

In the meantime, however, it is a matter of carrying the right amount of security hardware/software onboard and avoiding going to those shady websites so prevalent on the internet these days.

I'm about as skeptical as anyone when it comes to sites that collect user profiles as this one does. (They claim to aggregate & discard.) However, I find this outfit and concept very intriguing. The data transferred is NOT personally identifiable as demo'ed here with the capture of a normal transfer made with every request to any site visited (noted no GUIDs or identifying cookies);

I am tho a little bugged by the fact that the connections don't close until the session with the page requested ends...constant pings...makes a mess of netstat.

I'm also wondering if this won't be abused like the spam filter sites have been...bogus reports made by ignorant or malicious individuals designed to taint the reputation of sites and/or cause chaos. The user feedback forms appear to suggest such a possibility. The feedback forms can be seen on pages such as this one: http://www.siteadvisor.com/sites/carmainc.org

BTW I have the install & event snapshots too in case anyone is interested but there isn't anything notable enough to cause me to publish them.

I have concerns about this concept but will continue to use/look at it for some time because it does seem to solve many of the probs found by its predecessors...some of which have just been plain corrupt.

All in all, it looks very interesting and could be very useful to an average user. I'll reserve my opinion until they have made it fully available and I've had a more extensive look at it.

No, this is certainly not a cure all by any stretch, but I think in a general sense, users will be immediately re-directed when they see the red flag. And while it will take a rather long time to get a really useful amount of sites covered, they are just beginning.

Yes, there is bound to be some abuse but for this type of app, or for any app for that matter there is potential for that. The proof of the pudding will see how they deal with the abuse to fix it.

I would also note that their server/s have been very slow to respond this morning. This makes using this tool incompatible with fast surfing. For this to work, their responses must be fast. Users won't tolerate slow responses in their browsers that are caused by a browser add-on tool timing out.

This could be good, but as mikey already said, regular folks aren't going to use it and be inconvenienced. If that one screenshot above is what a page looks like, then that's too much information for most people to deal with. Maybe it is a composite picture.

Also, what are these people getting for doing this? Who's paying for all of the bandwidth the bots are using? Do these bots follow a robots.txt? If they do then what if the bad people just block it with it? If it ignores the robots.txt, then isn't that a no-no? What happens if the bots are blocked by htaccess? Does the site automatically get a red flag? How much bandwidth does the bot use when looking around the site? If it uses a lot and visits frequently, then webmasters are likely to block it.

Last edited by Nick on Mon Feb 13, 2006 5:54 am; edited 1 time in total

And while it will take a rather long time to get a really useful amount of sites covered, they are just beginning.

Considering all the timeouts I'm seeing, this brings to mind another concern;
We all know how slow things get when large dbs are parsed. I wonder how they intend to handle that prob. None of the other search engines have really solved the prob incl Google and while some do have browser add ons, they don't depend on that parsing for each and every new request.
Kinda reminds me of the probs experienced with the poor 'you know what kind of' toolbars that are prevalent today.

1. Our hosting facility actually appeared to get DOS'd this morning, severely limiting upstream traffic. They seem to have tracked down the source of the attack and stopped it. In the near future, we will have a full back up web cluster set up at another data center in case this happens again. We are really sorry about this inconvenience.

Our systems right now (while they aren't getting DOS'd!) should be able to handle a very large number of simultaneous users. We actually wrote our own data serving system that prepackages the analyzed data and serves it directly from a memory resident database. Of course we are in early Beta so problems could very well arise. If you experience any performance problems, please feel free to submit feedback directly to us via http://www.siteadvisor.com/feedback.html and we'll try our best to diagnose the issue (we have been personally responding to almost all feedback so far and have already started working on a number of issues people have raised).

2. As to the issue of people potentially using the user feedback mechanism to corrupt the site ratings, we are thinking hard about introducing a full blown "reputation system" for users in the near future, similar to how it is done on sites like eBay. In the short term, we are very likely going to start a "moderator program" where interested users who sign up will have more impact on the site ratings and get greater access to the detailed data. We will also be releasing an API so users can use the data in their own (non-commercial) applications.

Hey Chris, very nice to see ya. I've been in contact with one of your mates...Paul. Seems like a nice sort. I'll quote myself here from my email to him; "I appreciate folks (devs) taking the time to solve user probs and address concerns. It speaks volumes about their character."

Well, it seems you are suffering some growing pains. Many of us in this pri/sec community have had the uncomfortable experience of dealing with severe DDoS attacks. Let's hope your experience is a mild one.

Anyway, again I thank you for taking the time to address our concerns. I would also say that I look fwd to continued exchanging of ideas and concerns. As well, I look fwd to hearing back from Paul(edited). Thx much.

Mike

============
EDIT: BTW While I have your attention; Do you think it could be a good idea to add an on/off toggle(bypass) to the context menu? I was thinking it might be of some use to some users especially when they are first trying out the concept.
Ref; {089FD14D-132B-48FC-8861-0048AE113215} ()
BHO name:
CLSID name:
Path: D:\Program Files\SiteAdvisor\
Long name: saIE.dll__BHODemonDisabled